NEW-WAF Not Detecting SQL Injection in JSON Request Body

What is the name of the domain?

What is the error number?

NONE

What is the error message?

Dear Cloudflare Support Team, We have noticed that our Cloudflare WAF rules are not blocking SQL injection attempts when malicious code is embedded inside a JSON request body. Despite having Cloudflare Managed Rulesets enabled, certain payloads like

What is the issue you’re encountering

Dear Cloudflare Support Team, We have noticed that our Cloudflare WAF rules are not blocking SQL injection attempts when malicious code is embedded inside a JSON request body. Despite having Cloudflare Managed Rulesets enabled, certain payloads like { “dynamics_LeadRecruiter”: “CHRISTOPHER GATES’ ||pg_sleep(20)–” }

What is the current SSL/TLS setting?

Off

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.